Hemanth Joseph

Hemanth Joseph, a Kerala based security researcher bypasses Apple’s iPad activation lock

Hemanth Joseph, a security researcher based in Kerala has reportedly discovered a bug running on iOS 10.1 using his iPad. The alleged loophole enabled him to bypass the activation lock on an iPad.

You should note that the activation lock in iPhone or iPad is very hard to hack other than the owner of the gadget. Moreover, it is more difficult to establish it a a new gadget.

According to a report published in Forbes, Joseph easily bypassed the activation lock in a locked iPad by discovering a weakness in the setup process of the iPad running iOS 10.1.

When he was prompted to select a Wi-Fi network, he choosed “other network” and tapped on WPA2-enterprise as the type of network to connect to. It provided him with three input filed namely name, username and password.

During testing, he noticed that there are no restriction on character in the three fields. Out of interest, he keyed in several characters beyond the capacity of iOS. He expected that the software could crash.

As predicted, his iPad was frozen. After that, he locked it by closing Apple’s magnetic Smart Cover over the display. However, the iPad was at the same display after opening the cover.

After few seconds, iPad crashed to iOS home screen dashboard. This activity caused Joseph to bypass the activation lock enabling him to access the iPad completely. In the meantime, Apple had resolved the bug after Joseph reported it to the Cupertino-based tech giant.

In the past, researchers at US-based Vulnerability Lab discovered the iOS 10.1.1 bug. They reproduced the same bug which the Joseph reproduced.

Joseph is currently serving as information security researcher at the company named Slash Secure. He is also working as commander at Kerala Police Cyberdome. He is also the founder of 0SecCon, which is India’s first open security community for students.

If you verify Google’s Hall of Fame, you will find Joseph’s name. He also received a bounty of $7500 for reporting a critical vulnerability in Google Cloud Platform.

Comments

No comments yet. Why don’t you start the discussion?

Leave a Reply

Your email address will not be published. Required fields are marked *